From a26ec45d7412c86c2bf7ecc2aee09cb3806a92c8 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Fri, 26 May 2023 11:28:47 +0200 Subject: [PATCH] tfa: add api::methods::unlock_tfa This mostly serves as documentation for the API call to be implemented across our products. It's otherwise already just a oneliner on the TfaConfig. Signed-off-by: Wolfgang Bumiller --- proxmox-tfa/src/api/methods.rs | 15 +++++++++++++++ proxmox-tfa/src/api/mod.rs | 8 +++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/proxmox-tfa/src/api/methods.rs b/proxmox-tfa/src/api/methods.rs index 5410ccdc..452c7d4d 100644 --- a/proxmox-tfa/src/api/methods.rs +++ b/proxmox-tfa/src/api/methods.rs @@ -179,6 +179,21 @@ pub fn delete_tfa(config: &mut TfaConfig, userid: &str, id: &str) -> Result Result { + config.unlock_tfa(userid) +} + #[cfg_attr(feature = "api-types", api( properties: { "entries": { diff --git a/proxmox-tfa/src/api/mod.rs b/proxmox-tfa/src/api/mod.rs index f9d7894c..9c0227da 100644 --- a/proxmox-tfa/src/api/mod.rs +++ b/proxmox-tfa/src/api/mod.rs @@ -144,14 +144,16 @@ fn check_webauthn<'a, 'config: 'a, 'origin: 'a>( impl TfaConfig { /// Unlock a user's 2nd factor authentication (including TOTP). - pub fn unlock_tfa(&mut self, userid: &str) -> Result<(), Error> { + /// Returns whether the user was locked before calling this method. + pub fn unlock_tfa(&mut self, userid: &str) -> Result { match self.users.get_mut(userid) { Some(user) => { + let ret = user.totp_locked || user.tfa_is_locked(); user.totp_locked = false; user.tfa_locked_until = None; - Ok(()) + Ok(ret) } - None => bail!("no such challenge"), + None => bail!("no such user"), } }